";
$Type = addslashes($_POST["Type"]);
$Shop = addslashes($_POST["Shop"]);
$ID = addslashes($_POST["ID"]);
$ShopQ = mysql_query("SELECT * from shop_stock where shop_id = '$Shop'") or print(mysql_error() . " " . __FILE__ . " #" . __LINE__);
$ShopR = mysql_fetch_array($ShopQ);
$GetItemInfo = mysql_query("SELECT * from `$Type` where {$Type}_id='$ID'") or print(mysql_error() . " " . __FILE__ . " #" . __LINE__);
$ItemInfo = mysql_fetch_array($GetItemInfo);
$stockName = $ItemInfo["name"];
$GetShopInfo = mysql_query("SELECT * from `shops` where shop_id='$Shop'") or print(mysql_error() . " " . __FILE__ . " #" . __LINE__);
$ShopInfo = mysql_fetch_array($GetShopInfo);
$cost = ceil($ItemInfo["cost"] * $ShopInfo["price_inflate"]);
if($CharacterInfo['money'] >= $cost){
$temp = TakeMoney($cost);
$OldNum = mysql_query("SELECT owned from `inventory` where user_id='$sess_user_id' AND item_id='$ID' AND item_type='$Type'") or print(mysql_error() . " " . __FILE__ . " #" . __LINE__);
if(mysql_num_rows($OldNum) == 1){
$OldNum = mysql_fetch_array($OldNum);
$NewNum = $OldNum["owned"] + 1;
mysql_query("UPDATE inventory SET owned = '$NewNum' WHERE user_id = '$sess_user_id' AND item_id = '$ID'") or print(mysql_error() . " " . __FILE__ . " #" . __LINE__);
} else {
$NewNum = 1;
mysql_query("INSERT INTO inventory values ('$sess_user_id', '$ID', '$Type', '1')") or print(mysql_error() . " " . __FILE__ . " #" . __LINE__);
}
$newStock = $ShopR["stock_amount"] - 1;
if($newStock == 0){
mysql_query("DELETE from shop_stock where shop_id = '$Shop' AND stock_id = '$ID'") or print(mysql_error() . " " . __FILE__ . " #" . __LINE__);
} else {
mysql_query("UPDATE shop_stock set stock_amount ='$newStock' WHERE stock_id = 'ID' AND shop_id = '$Shop'") or print(mysql_error() . " " . __FILE__ . " #" . __LINE__);
}
mysql_query("UPDATE users set money = '$sess_user_money' where user_id = '$sess_user_id'") or print(mysql_error() . " " . __FILE__ . " #" . __LINE__);
print "You have purchased a $stockName";
} else {
print "You cannot affort the $stockName";
}
} else {
if(!$loggedin){
print "You must be logged in to do that!";
} else {
$Type = addslashes($_GET["itemType"]);
$ID = addslashes($_GET["itemID"]);
$Shop = addslashes($_GET["shopID"]);
if($Type != "" && $ID != "" && $Shop != ""){
$GetItemInfo = mysql_query("SELECT * from `$Type` where {$Type}_id='$ID'") or print(mysql_error() . " " . __FILE__ . " #" . __LINE__);
$GetShopInfo = mysql_query("SELECT * from `shops` where shop_id='$Shop'") or print(mysql_error() . " " . __FILE__ . " #" . __LINE__);
if(mysql_num_rows($GetItemInfo) == 1){
$ItemInfo = mysql_fetch_array($GetItemInfo);
$ShopInfo = mysql_fetch_array($GetShopInfo);
?>
